Overview
Perform operations on G Suite users, groups and roles via Workflow Automator
Description
Orchestration apps let you automate repeatable tasks and actions that span across a diverse set of systems and applications using workflows. The list of actions supported for this app include:
User Management
Get User
Create User
Update User
Delete User
Undelete User
Make User Super Admin
Reset Password
Get Schema
Role Management
Assign a Role To User
Get Role Assignment
Delete Role Assignment
Group Management
Get Group Details
Create Group
Update Group
Delete Group
Get Group Member
Assign Member to Group
Update group member
Delete group member
Check Group Member
Assign Member to Multiple Groups
Prerequisites
To install and authenticate the app you need to provide the following input:
Client Email
Private Key
Private Key Id
Email Id (The Gsuite account email address)
Step 1: Create a Service Account
Set up a Service Account project in the Google API Console.
Create a new project (or select an existing one)
Click on Create service account.
Under Service account details, type a name, ID, and description for the service account, then click Create.
Under Service account permissions, select the IAM roles as 'Project Owner' to grant to the service account, then click Continue.
Optional: Under Grant users access to this service account, add the users or groups that are allowed to use and manage the service account.
After the service account is created, open the service account, click on "Edit" then click "Add Key" under "Keys", then click "Create New Key".
Make sure the key type is set to JSON and click Create.
Click Close > Save
Then click on "Domain-Wide Delegation" and then tick "Enable G Suite Domain-wide Delegation".
Save the downloaded JSON key.
Your new public/private key pair is generated and downloaded to your machine; it serves as the only copy of the private key. You are responsible for storing it securely. If you lose this key pair, you will need to generate a new one.
Note: The Client Email, Private Key and Private Key Id are obtained from Service account JSON file downloaded.
Step 2: Enable Admin SDK API
Open your project in the API Console. Click on ENABLE APIS AND SERVICES
In the list of APIs, search and click Admin SDK API.
Click on ENABLE to enable Admin SDK API
Step 3: Assign OAUTH Scopes for Admin SDK API
Under Domain-wide delegation, click Manage Domain Wide Delegation.
On the Manage domain-wide delegation page, click Add new.
Enter the client ID of the service account or OAuth2 client ID of the app.
Under the OAuth Scope, add each scope that the application can access.
Click Authorize
Provide following OAuth scopes using the above steps
1. https://www.googleapis.com/auth/admin.directory.group
2. https://www.googleapis.com/auth/admin.directory.group.member
3. https://www.googleapis.com/auth/admin.directory.group.readonly
4. https://www.googleapis.com/auth/admin.directory.user
5. https://www.googleapis.com/auth/admin.directory.user.readonly
6. https://www.googleapis.com/auth/admin.directory.user.security
7. https://www.googleapis.com/auth/admin.directory.group.member.readonly
8. https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly
9. https://www.googleapis.com/auth/admin.directory.rolemanagement